Ross John Anderson
(born 15 September 1956)
is a researcher, author, and industry consultant in
security engineering
Security engineering is the process of incorporating security controls into an information system so that the controls become an integral part of the system’s operational capabilities. It is similar to other systems engineering activities in tha ...
.
He is
Professor of Security Engineering at the
Department of Computer Science and Technology, University of Cambridge where he is part of the University's security group.
Education
Anderson was educated at the
High School of Glasgow.
In 1978, he graduated with a
Bachelor of Arts in mathematics and
natural science
Natural science is one of the branches of science concerned with the description, understanding and prediction of natural phenomena, based on empirical evidence from observation and experimentation. Mechanisms such as peer review and repeatab ...
from the
University of Cambridge where he was an undergraduate student of
Trinity College, Cambridge, and subsequently received a qualification in
computer engineering
Computer engineering (CoE or CpE) is a branch of electrical engineering and computer science that integrates several fields of computer science and electronic engineering required to develop computer hardware and software. Computer engineers ...
. Anderson worked in the
avionics and banking industry before moving back to the
University of Cambridge in 1992, to work on his doctorate under the supervision of
Roger Needham and start his career as an academic researcher.
[Curriculum Vitae – Ross Anderson](_blank)
May 2007 He received his PhD in 1995, and became a lecturer in the same year.
[ ]
Research and career
Anderson's research interests
are in security,
cryptology,
dependability and
technology policy.
In
cryptography, he designed with
Eli Biham the
BEAR
Bears are carnivoran mammals of the family Ursidae. They are classified as caniforms, or doglike carnivorans. Although only eight species of bears are extant, they are widespread, appearing in a wide variety of habitats throughout the Nor ...
,
LION
The lion (''Panthera leo'') is a large Felidae, cat of the genus ''Panthera'' native to Africa and India. It has a muscular, broad-chested body; short, rounded head; round ears; and a hairy tuft at the end of its tail. It is sexually dimorphi ...
and
Tiger cryptographic
Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or '' -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adve ...
primitives, and co-wrote with Biham and
Lars Knudsen the
block cipher
In cryptography, a block cipher is a deterministic algorithm operating on fixed-length groups of bits, called ''blocks''. Block ciphers are specified cryptographic primitive, elementary components in the design of many cryptographic protocols and ...
Serpent
Serpent or The Serpent may refer to:
* Snake, a carnivorous reptile of the suborder Serpentes
Mythology and religion
* Sea serpent, a monstrous ocean creature
* Serpent (symbolism), the snake in religious rites and mythological contexts
* Serp ...
, one of the finalists in the
Advanced Encryption Standard (AES) competition. He has also discovered weaknesses in the
FISH cipher and designed the stream cipher
Pike
Pike, Pikes or The Pike may refer to:
Fish
* Blue pike or blue walleye, an extinct color morph of the yellow walleye ''Sander vitreus''
* Ctenoluciidae, the "pike characins", some species of which are commonly known as pikes
* ''Esox'', genus of ...
.
Anderson has always campaigned for computer security to be studied in a wider social context. Many of his writings emphasise the human, social, and political dimension of security. On online voting, for example, he writes "When you move from voting in person to voting at home (whether by post, by phone or over the internet) it vastly expands the scope for vote buying and coercion",
making the point that it's not just a question of whether the encryption can be cracked.
In 1998, Anderson founded the
Foundation for Information Policy Research
The Foundation for Information Policy Research is a UK-based think tank that studies the interaction between information technology and government, business and civil society. It has been described by academics as "the leading think-tank on inform ...
, a
think tank and
lobbying group on information-technology policy.
Anderson is also a founder of the UK-Crypto mailing list and the
economics of security
The economics of information security addresses the economic aspects of privacy and computer security. Economics of information security includes models of the strictly rational “homo economicus” as well as behavioral economics. Economics of se ...
research domain.
He is well-known among Cambridge academics as an outspoken defender of academic freedoms, intellectual property and other matters of university politics. He is engaged in the "Campaign for Cambridge Freedoms" and has been an elected member of Cambridge University Council since 2002. In January 2004, the student newspaper ''
Varsity'' declared Anderson to be Cambridge University's "''most powerful person''".
In 2002, he became an outspoken critic of
trusted computing proposals, in particular
Microsoft's
Palladium operating system vision.
Anderson's TCPA FAQ has been characterised by IBM TC researcher David R. Safford as "full of technical errors" and of "presenting speculation as fact."
For years Anderson has been arguing that by their nature large
databases will never be free of abuse by breaches of security. He has said that if a large system is designed for ease of access it becomes insecure; if made watertight it becomes impossible to use. This is sometimes known as ''Anderson's Rule''.
Anderson is the author of ''Security Engineering'', published by Wiley in 2001.
He was the founder and editor of ''Computer and Communications Security Reviews''.
After the vast
Global surveillance disclosure
Global means of or referring to a globe and may also refer to:
Entertainment
* ''Global'' (Paul van Dyk album), 2003
* ''Global'' (Bunji Garlin album), 2007
* ''Global'' (Humanoid album), 1989
* ''Global'' (Todd Rundgren album), 2015
* Bruno ...
leaked by
Edward Snowden
Edward Joseph Snowden (born June 21, 1983) is an American and naturalized Russian former computer intelligence consultant who leaked highly classified information from the National Security Agency (NSA) in 2013, when he was an employee and su ...
beginning in June 2013 Anderson suggested one way to begin stamping out the British state's unaccountable involvement in this NSA spying scandal is to entirely end the domestic secret services. Anderson: "Were I a legislator, I would simply abolish
MI5". Anderson notes the only way this kind of systemic data collection has been made possible was through the
business models of private industry. The value of information-driven web companies such as Facebook and
Google is built around their ability to gather vast tracts of data. It was something the intelligence agencies would have struggled with alone.
Anderson is a critic of
smart meter
A smart meter is an electronic device that records information such as consumption of electric energy, voltage levels, current, and power factor. Smart meters communicate the information to the consumer for greater clarity of consumption beha ...
s, writing that there are various privacy and energy security concerns.
[https://www.fipr.org/100110smartmeters.pdf ]
Awards and honours
Anderson was elected a
Fellow of the Royal Society (FRS) in 2009. His nomination reads:
Anderson was also elected a
Fellow of the Royal Academy of Engineering (FREng) in 2009.
He is a fellow of
Churchill College, Cambridge
Churchill College is a constituent college of the University of Cambridge, England. It has a primary focus on science, engineering and technology, but still retains a strong interest in the arts and humanities.
In 1958, a trust was establish ...
.
References
{{DEFAULTSORT:Anderson, Ross J.
British technology writers
Modern cryptographers
Fellows of the Institute of Physics
Fellows of Churchill College, Cambridge
Computer security academics
Copyright scholars
Alumni of Trinity College, Cambridge
Members of the University of Cambridge Computer Laboratory
Living people
Fellows of the Royal Society
1956 births
People from Sandy, Bedfordshire